CVE-2023-38905

Name of the Vulnerable Software and Affected Versions Jeecg-boot versions 3.5.0 and earlier

Description The issue allows a local attacker to cause a denial of service via the functions Benchmark, PG Sleep, DBMS Lock.Sleep, Waitfor, DECODE, and DBMS PIPE.RECEIVE MESSAGE. This is a result of a SQL injection vulnerability.

Recommendations For Jeecg-boot versions 3.5.0 and earlier, as a temporary workaround, consider disabling the Benchmark, PG Sleep, DBMS Lock.Sleep, Waitfor, DECODE, and DBMS PIPE.RECEIVE MESSAGE functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.